About this weblog

Here we'll explore the nexus of legal rulings, Capitol Hill
policy-making, technical standards development, and technological
innovation that creates -- and will recreate -- the networked world as we
know it. Among the topics we'll touch on: intellectual property
conflicts, technical architecture and innovation, the evolution of
copyright, private vs. public interests in Net policy-making, lobbying
and the law, and more.

Disclaimer: the opinions expressed in this weblog are those of the authors and not of their respective institutions.

November 17, 2005

Boiling Frogs with Sony's Rootkit

For years, the entertainment industry's DRM strategy has seemed to follow the old story about how to boil a frog: Start it going in a pan of cold water and gradually turn up the heat.

So it is with digital rights management: Start consumers off with restrictions only the techiest edge-cases among them will notice, then quietly increase control. Apple's iTunes, for example, has downgraded the behavior of already-purchased music files. One day you could burn a playlist 10 times, the next day only seven.

Once you've accepted that "your" music comes with only a set of pre-defined uses -- and not any personal use you can invent -- you might not notice as you lose the ability to do your own format-shifting. Just as fans once re-purchased music as it moved from 45 to LP to CD, perhaps they could be conditioned not to complain if they were made to re-license when they replaced computers and stereo components. Instead of selling CDs, then, marketers will then be able to slice up the "music experience" and license pieces back to the fans whose rights they've taken, ideally for more than the one-time profit on a CD.

Given that Sony has taken to installing spyware to protect their music, you may be wondering why this episode in the DRM struggle has been good for the consumer. Simple: consumer awareness. For the past several years, much has been made of viruses and spyware and their adverse effects on our computers. The industry designed to stop these threats brings in tens of millions of dollars every year to stop these vicious pieces of software. The average consumer understands what a virus or spyware is. However, stop most consumers and ask them to explain DRM and you'll probably get a blank stare. Up until now, the consumer has been uneducated on what DRM is and how it will affect their daily lives. The major music and movie studios have been fine with this; and now that awareness is changing.

The average fan, who may never have been blocked from playing music from the (new) Napster music store on an iPod; who may never have tried to create her own version of the Daily Show from a TiVo-to-Go'd evening news program but been stymied by copy controls; suddenly has a vivid example of how DRM takes your music -- and your computer -- away from you. CERT, the US Computer Emergency Response Team, is advising
users, "Do not install software from sources that you do not expect to contain software, such as an audio CD."

Thanks for keeping the subject in the public's eye. I bought a Sony CD one month ago and have had to deal with this (and other problems) for quite a while. So I'm doing a favor for Sony. I've started a Frappr map of people affected by the Sony XCP rootkit. If you or your readers want to join, check out the map at http://www.frappr.com/sonyxcpvictims.

Note that Apple's iTunes reduced the "burn playlist" count from 10 to 7, but simultaneously increased the "authorized computers" allocation from 3 to 5. Changing the rules unilaterally is certainly grounds for debate, but I wouldn't call that case "boiling the frog".

To implement DRM requires a DRM platform. Right now there is no such thing, unless you are talking about the XBOX. As such, there are no significant players who'd come forth and sell the record companies one.

This leaves companies like Sony prone to bit players who are likely to take risks (e.g. LGPL code, phone home). In true Emperor has No Clothes fashion, Sony decided the parade must go on, regardless of what the crowd is thinking.

SonyBMG spyware discoveries (previously reported at SonyBMG Invades Your Computer and SonyBMG Invasion Even Uglier), continue. Even US Homeland Security advises people never to install any software from a music CD. Here is a list of currently found da... [Read More]